Univention Bugzilla – Bug 47063
linux: Multiple issues (4.2)
Last modified: 2018-08-22 15:03:14 CEST
grep -l '^4[.]9-upstream-stable:.*4[.]9[.]\(9[0-9]\|10[0-9]\)' */CVE-????-*|sort -t/ -k2.5n -k2.10n|xargs grep ^Description|cut -d/ -f2-|cut -d: -f1,3- CVE-2017-17975: Double-free in usbtv driver CVE-2017-18218: net: hns: Fix a skb used after free bug CVE-2017-18222: net: hns: fix ethtool_get_strings overflow in hns driver CVE-2017-18255: DoS in perf_cpu_time_max_percent_handler CVE-2017-18257: f2fs: fix a dead loop in f2fs_fiemap() CVE-2018-1066: Null pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() when empty TargetInfo is returned in NTLMSSP setup negotiation response allowing to crash client's kernel CVE-2018-1087: kvm/x86: fix icebp instruction handling CVE-2018-1092: NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when mounting crafted ext4 image CVE-2018-1093: Out of bounds read in ext4/balloc.c:ext4_valid_block_bitmap() causes crash with crafted ext4 image CVE-2018-1108: random: fix crng_ready() test CVE-2018-1120: FUSE-backed /proc/PID/cmdline CVE-2018-1130: dccp: check sk for closed state in dccp_sendmsg() CVE-2018-3639: Speculative Store Bypass CVE-2018-7757: scsi: libsas: fix memory leak in sas_smp_get_phy_events() CVE-2018-8781: Integer overflow in drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() can allow attackers to execute code in kernel space CVE-2018-8822: ncpfs: memory corruption in ncp_read_kernel() CVE-2018-8897: x86/entry/64: Don't use IST entry for #BP stack CVE-2018-10087: kernel/exit.c: avoid undefined behaviour when calling wait4() CVE-2018-10940: cdrom: information leak in cdrom_ioctl_media_changed() CVE-2018-1000199: perf/hwbp: Simplify the perf-hwbp code, fix documentation
r18135 | Bug #47063: linux-4.9.102 repo_admin.py --cherrypick -r 4.2 -s errata4.2-3 --releasedest 4.2 --dest errata4.2-4 -p linux Package: linux Version: 4.9.30-2A~4.2.0.201805241043 Branch: ucs_4.2-0 Scope: errata4.2-4
[4.2-4] eeac267c87 Bug #47063: linux-4.9.102 WIP doc/errata/staging/linux.yaml | 73 ++++++++++++++++++++++ .../staging/univention-kernel-image-signed.yaml | 73 ++++++++++++++++++++++ doc/errata/staging/univention-kernel-image.yaml | 73 ++++++++++++++++++++++
[4.2-4] 10f6180761 Bug #47063 kernel: linux-4.9.102 kernel/univention-kernel-image/debian/changelog | 6 ++++++ kernel/univention-kernel-image/debian/rules | 2 +- Package: univention-kernel-image Version: 10.0.0-13A~4.2.0.201805241058 Branch: ucs_4.2-0 Scope: errata4.2-4 [4.2-4] ba7c24afd8 Bug #47063: linux-4.9.102 WIP doc/errata/staging/univention-kernel-image.yaml | 2 +-
r18136 | Bug #47063: linux-4.9.103 CVE-2018-10021: ata qc leak in drivers/scsi/libsas/sas_scsi_host.c allows local users to cause denial-of-service Package: linux Version: 4.9.30-2A~4.2.0.201805260747 Branch: ucs_4.2-0 Scope: errata4.2-4 [4.2-4] dbcf3d4813 Bug #47063: linux-4.9.103 WIP doc/errata/staging/linux.yaml | 7 +++++-- doc/errata/staging/univention-kernel-image-signed.yaml | 5 ++++- doc/errata/staging/univention-kernel-image.yaml | 5 ++++- 3 files changed, 13 insertions(+), 4 deletions(-)
[4.2-4] bba9796ac9 Bug #47063: Update to linux-4.9.103-ucs110 .../univention-kernel-image-signed/debian/changelog | 12 ++++++++++++ kernel/univention-kernel-image-signed/debian/control | 10 +++++----- .../vmlinuz-4.9.0-ucs109-amd64.efi.signed | Bin 4089168 -> 0 bytes .../vmlinuz-4.9.0-ucs110-amd64.efi.signed | Bin 0 -> 4092144 bytes Package: univention-kernel-image-signed Version: 3.0.2-24A~4.2.0.201805281211 Branch: ucs_4.2-0 Scope: errata4.2-4 OK: vimdiff <(./linux-dmesg-norm 4.9.0-ucs109-amd64.89) <(./linux-dmesg-norm 4.9.0-ucs110-amd64.103) Speculative Store Bypass: Vulnerable OK: amd64 @ kvm+OVMF+SB OK: amd64 @ kvm-SeaBIOS OK: amd64 @ xen1 FYI: 4.9.104 with 329 patches is in the review phase
r18136 | Bug #47063: linux-4.9.104 CVE-2018-6412 kernel: Incorrect integer signedness in sbuslibc:sbusfb_ioctl_helper() allows for information leakage CVE-2018-8087 kernel: Memory leak in drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl() can lead to potential denial of service Package: linux Version: 4.9.30-2A~4.2.0.201805301101 Branch: ucs_4.2-0 Scope: errata4.2-4
r18146 | Bug #47063: linux-4.9.104 r18148 | Bug #47063: linux-4.9.105 Package: linux Version: 4.9.30-2A~4.2.0.201805310724 Branch: ucs_4.2-0-errata4.2-4 Scope: errata4.2-4 [4.2-4] af68f43b30 Bug #47063: Update to linux-4.9.105-ucs110 .../debian/changelog | 6 ++++++ .../vmlinuz-4.9.0-ucs110-amd64.efi.signed | Bin 4092144 -> 4095472 bytes 2 files changed, 6 insertions(+) Package: univention-kernel-image-signed Version: 3.0.2-25A~4.2.0.201806011222 Branch: ucs_4.2-0 Scope: errata4.2-4 [4.2-4] 8db3646c96 Bug #47063: linux-4.9.105 doc/errata/staging/linux.yaml | 11 +++++++++-- doc/errata/staging/univention-kernel-image-signed.yaml | 11 +++++++++-- doc/errata/staging/univention-kernel-image.yaml | 9 ++++++++- OK: vimdiff <(./linux-dmesg-norm 4.9.0-ucs109-amd64.89) <(./linux-dmesg-norm 4.9.0-ucs110-amd64.105) OK: amd64 @ kvm+OVMF+SB OK: amd64 @ kvm-SeaBIOS OK: amd64 @ xen1
r18175 | Bug #47063: linux-4.9.108 r18176 | Bug #47063: linux-4.9.108 p ~/REPOS/repo-ng/build-package/build-package-ng -r 4.2-4 -s errata4.2-4 -p linux Package: linux Version: 4.9.30-2A~4.2.4.201806141224 ^ Branch: ucs_4.2-0 Scope: errata4.2-4
Package: linux Version: 4.9.30-2A~4.2.0.201806141629 Branch: ucs_4.2-0-errata4.2-4 Scope: errata4.2-4 [4.2-4] 86906089b1 Bug #47063: Update to linux-4.9.108-ucs110 Package: univention-kernel-image-signed Version: 3.0.2-26A~4.2.0.201806161507 Branch: ucs_4.2-0 Scope: errata4.2-4 [4.2-4] f02eecae80 Bug #47063: linux-4.9.108 doc/errata/staging/linux.yaml | 4 ++-- doc/errata/staging/univention-kernel-image-signed.yaml | 4 ++-- doc/errata/staging/univention-kernel-image.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) r18178 | Bug #47063: linux-4.9.108 Package: linux Version: 4.9.30-2A~4.2.4.201806161523 Branch: ucs_4.2-0 Scope: errata4.2-4
Package: linux Version: 4.9.30-2A~4.2.4.201806161523 Branch: ucs_4.2-0-errata4.2-4 Scope: errata4.2-4 [4.2-4] ca926a14ef Bug #47063: Update to linux-4.9.109-ucs110 .../debian/changelog | 6 ++++++ .../vmlinuz-4.9.0-ucs110-amd64.efi.signed | Bin 4098352 -> 4090736 bytes 2 files changed, 6 insertions(+) Package: univention-kernel-image-signed Version: 3.0.2-27A~4.2.0.201806170756 Branch: ucs_4.2-0 Scope: errata4.2-4 [4.2-4] 2fa8b0a5e7 Bug #47063: linux-4.9.109 YAML doc/errata/staging/linux.yaml | 4 ++-- doc/errata/staging/univention-kernel-image-signed.yaml | 4 ++-- doc/errata/staging/univention-kernel-image.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) OK: vimdiff <(./linux-dmesg-norm 4.9.0-ucs109-amd64.89) <(./linux-dmesg-norm 4.9.0-ucs110-amd64.105) + Speculative Store Bypass: Vulnerable - x86/fpu: Using 'eager' FPU context switches. OK: amd64 @ kvm+OVMF+SB OK: amd64 @ kvm-SeaBIOS OK: amd64 @ xen1
7d8c8eea02 | UCS 4.2-3 is out of maintainance
--- mirror/ftp/4.2/unmaintained/4.2-4/source/univention-kernel-image_10.0.0-12A~4.2.0.201802151039.dsc +++ apt/ucs_4.2-0-errata4.2-4/source/univention-kernel-image_10.0.0-13A~4.2.0.201805241058.dsc @@ -1,6 +1,10 @@ -10.0.0-12A~4.2.0.201802151039 [Thu, 15 Feb 2018 10:39:34 +0100] Univention builddaemon <buildd@univention.de>: +10.0.0-13A~4.2.0.201805241058 [Thu, 24 May 2018 10:58:24 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. No patches were applied to the original source package + +10.0.0-13 [Thu, 24 May 2018 10:56:07 +0200] Philipp Hahn <hahn@univention.de>: + + * Bug #47063: Update to linux-4.9.81-ucs110 10.0.0-12 [Thu, 15 Feb 2018 10:38:47 +0100] Philipp Hahn <hahn@univention.de>: <http://10.200.17.11/4.2-4/#6697111479708309984>
--- mirror/ftp/4.2/unmaintained/4.2-4/source/univention-kernel-image-signed_3.0.2-22A~4.2.0.201803231159.dsc +++ apt/ucs_4.2-0-errata4.2-4/source/univention-kernel-image-signed_3.0.2-27A~4.2.0.201806170756.dsc @@ -1,6 +1,26 @@ -3.0.2-22A~4.2.0.201803231159 [Fri, 23 Mar 2018 11:59:02 +0100] Univention builddaemon <buildd@univention.de>: +3.0.2-27A~4.2.0.201806170756 [Sun, 17 Jun 2018 07:56:57 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. No patches were applied to the original source package + +3.0.2-27 [Sun, 17 Jun 2018 07:50:15 +0200] Philipp Hahn <hahn@univention.de>: + + * Bug #47063: Update to linux-4.9.109-ucs110 + +3.0.2-26 [Sat, 16 Jun 2018 09:16:21 +0200] Philipp Hahn <hahn@univention.de>: + + * Bug #47063: Update to linux-4.9.108-ucs110 + +3.0.2-25 [Fri, 01 Jun 2018 12:07:46 +0200] Philipp Hahn <hahn@univention.de>: + + * Bug #47063: Update to linux-4.9.105-ucs110 + +3.0.2-24 [Mon, 28 May 2018 11:59:01 +0200] Philipp Hahn <hahn@univention.de>: + + * Bug #47063: Update to linux-4.9.103-ucs110 + +3.0.2-23 [Thu, 24 May 2018 11:00:54 +0200] Philipp Hahn <hahn@univention.de>: + + * Bug #47063: Update to linux-4.9.89-ucs110 3.0.2-22 [Fri, 23 Mar 2018 11:56:35 +0100] Philipp Hahn <hahn@univention.de>: <http://10.200.17.11/4.2-4/#6697111479708309984>
--- mirror/ftp/4.2/unmaintained/4.2-4/source/linux_4.9.30-2A~4.2.0.201803221415.dsc +++ apt/ucs_4.2-0-errata4.2-4/source/linux_4.9.30-2A~4.2.4.201806161523.dsc @@ -1,4 +1,4 @@ -4.9.30-2A~4.2.0.201803221415 [Thu, 22 Mar 2018 14:15:04 +0100] Univention builddaemon <buildd@univention.de>: +4.9.30-2A~4.2.4.201806161523 [Sat, 16 Jun 2018 15:23:05 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 10_backport @@ -79,6 +79,28 @@ 60_patch-4.9.87 60_patch-4.9.88 60_patch-4.9.89 + 60_patch-4.9.90 + 60_patch-4.9.91 + 60_patch-4.9.92 + 60_patch-4.9.93 + 60_patch-4.9.94 + 60_patch-4.9.95 + 60_patch-4.9.96 + 60_patch-4.9.97 + 60_patch-4.9.98 + 60_patch-4.9.99 + 61_patch-4.9.100 + 61_patch-4.9.101 + 61_patch-4.9.102 + 61_patch-4.9.103 + 61_patch-4.9.104 + 61_patch-4.9.105 + 61_patch-4.9.106 + 61_patch-4.9.107 + 61_patch-4.9.107_fixup + 61_patch-4.9.107_fixup + 61_patch-4.9.108 + 61_patch-4.9.109 4.9.30-2 [Mon, 12 Jun 2017 16:24:30 +0100] Ben Hutchings <ben@decadent.org.uk>: <http://10.200.17.11/4.2-4/#6697111479708309984>
r18200 | Bug #47063: Linux 4.9.116 Package: linux Version: 4.9.30-2A~4.2.0.201808011018 Branch: ucs_4.2-0 Scope: errata4.2-4 [4.2-4] b4e0c32c8d Bug #47063: linux-4.9.116 Package: univention-kernel-image-signed Version: 3.0.2-28A~4.2.0.201808011549 Branch: ucs_4.2-0 Scope: errata4.2-4 [4.2-4] b4e0c32c8d Bug #47063: linux-4.9.116 doc/errata/staging/linux.yaml | 20 ++++++++++++++++++-- doc/errata/staging/univention-kernel-image-signed.yaml | 20 ++++++++++++++++++-- doc/errata/staging/univention-kernel-image.yaml | 18 +++++++++++++++++- 3 files changed, 53 insertions(+), 5 deletions(-) OK: amd64 @ kvm-SeaBIOS OK: amd64 @ kvm+OVMF+SB OK: amd64 @ xen1
r18237 | Bug #47063: Linux 4.9.118 Package: linux Version: 4.9.30-2A~4.2.0.201808080917 Branch: ucs_4.2-0 Scope: errata4.2-4 CVE-2017-18216: ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent CVE-2017-18224: ocfs2: ip_alloc_sem should be taken in ocfs2_get_block() CVE-2018-1118: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() CVE-2018-5390: Linux Kernel TCP implementation vulnerable to Denial of Service CVE-2018-10876: use-after-free in jbd2_journal_commit_transaction() CVE-2018-10877: out-of-bound access in ext4_ext_drop_refs() CVE-2018-10878: out-of-bound write in ext4_init_block_bitmap() CVE-2018-10881: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image CVE-2018-10882: stack-out-of-bounds write infs/jbd2/transaction.c CVE-2018-10883: stack-out-of-bounds write in jbd2_journal_dirty_metadata() CVE-2018-13405: Fix up non-directory creation in SGID directories CVE-2018-13406: video: uvesafb: Fix integer overflow in allocation CVE-2018-14734: infiniband: fix a possible use-after-free bug 4.9.119 is scheduled for tomorrow. CVE 2018-9363 remains unfixed. [4.2-4] 0c6eed22cd Bug #47063: Linux 4.9.118 YAML doc/errata/staging/linux.yaml | 20 ++++++++++++++++++-- .../staging/univention-kernel-image-signed.yaml | 20 ++++++++++++++++++-- doc/errata/staging/univention-kernel-image.yaml | 18 +++++++++++++++++- 3 files changed, 53 insertions(+), 5 deletions(-) TBC...
[4.2-4] 9c6b6b5eae Bug #47063: Update to linux-4.9.118-ucs110 .../debian/changelog | 6 ++++++ .../vmlinuz-4.9.0-ucs110-amd64.efi.signed | Bin 4098864 -> 4097776 bytes 2 files changed, 6 insertions(+) Package: univention-kernel-image-signed Version: 3.0.2-29A~4.2.0.201808081458 Branch: ucs_4.2-0 Scope: errata4.2-4 [4.2-4] ae54b3bd1f Bug #47063: Linux-signed 4.9.118 YAML doc/errata/staging/univention-kernel-image-signed.yaml | 2 +- OK: amd64 @ kvm-SeaBIOS OK: amd64 @ kvm+OVMF+SB OK: amd64 @ xen1
r18252 | Bug #47063: Linux 4.9.119 Package: linux Version: 4.9.30-2A~4.2.0.201808101912 Branch: ucs_4.2-0 Scope: errata4.2-4
4.9.119 fixes: * CVE-2018-12233: Memory corruption in JFS setattr Package: univention-kernel-image-signed Version: 3.0.2-30A~4.2.0.201808130904 Branch: ucs_4.2-0 Scope: errata4.2-4 [4.2-4] 1e5cc5fdd6 Bug #47063: univention-kernel-image-signed 3.0.2-30A~4.2.0.201808130904 doc/errata/staging/univention-kernel-image-signed.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) OK: amd64 @ kvm-SeaBIOS OK: i386 @ kvm-SeaBIOS OK: amd64 @ kvm+OVMF+SB OK: amd64 @ xen1
r18257 | Bug #47063: Linux 4.9.120 Package: linux Version: 4.9.30-2A~4.2.0.201808161300 Branch: ucs_4.2-0 Scope: errata4.2-4 CVE-2018-3646: L1 Terminal Fault
(In reply to Philipp Hahn from comment #20) > r18257 | Bug #47063: Linux 4.9.120 4.9.121 is already in in the patch-review phase and is scheduled for tomorrow; I will skip 120 and import that newer version as it contains more L1tF fixes and also fixes CVE-2018-9363.
For testing L1TF I needed the fixed kernel anyway, so here it is: Package: univention-kernel-image-signed Version: 3.0.2-31A~4.2.0.201808171440 Branch: ucs_4.2-0 Scope: errata4.2-4 4.2-4] f70fe68a79 Bug #47063: linux 4.9.120 doc/errata/staging/linux.yaml | 7 +++++-- doc/errata/staging/univention-kernel-image-signed.yaml | 7 +++++-- doc/errata/staging/univention-kernel-image.yaml | 5 ++++- 3 files changed, 14 insertions(+), 5 deletions(-) [4.2-4] e605bb350c Bug #47063: Update to linux-4.9.120-ucs110 .../debian/changelog | 6 ++++++ .../vmlinuz-4.9.0-ucs110-amd64.efi.signed | Bin 4093808 -> 4101872 bytes 2 files changed, 6 insertions(+) OK: flags +=(eagerfpu flush_l1d ssbd ibrs ibpb stibp) with µCode-2018-08-07
r18259 | Bug #47063: Linux 4.9.122 Package: linux Version: 4.9.30-2A~4.2.0.201808201429 Branch: ucs_4.2-0 Scope: errata4.2-4
[4.2-4] 71b925b41a Bug #47063: Update to linux-4.9.122-ucs110 .../debian/changelog | 6 ++++++ .../vmlinuz-4.9.0-ucs110-amd64.efi.signed | Bin 4101872 -> 4099056 bytes 2 files changed, 6 insertions(+) Package: univention-kernel-image-signed Version: 3.0.2-32A~4.2.0.201808211106 Branch: ucs_4.2-0 Scope: errata4.2-4 [4.2-4] 74d304d236 Bug #47063: linux 4.9.122 doc/errata/staging/linux.yaml | 12 ++++++++++-- doc/errata/staging/univention-kernel-image-signed.yaml | 12 ++++++++++-- doc/errata/staging/univention-kernel-image.yaml | 10 +++++++++- 3 files changed, 29 insertions(+), 5 deletions(-) OK: vimdiff <(./linux-dmesg-norm 4.9.0-ucs109-amd64) <(./linux-dmesg-norm 4.9.0-ucs110-amd64) OK: amd64 @ KVM OVMF+SB OK: amd64 @ KVM SeaBIOS OK: i386 @ KVM SeaBIOS OK: amd64 @ xen1
Created attachment 9633 [details] bug47063_upstream_patches.diff Weird, 61_patch-4.9.105.quilt has DOS line endings. All other patches not and upstream patch-4.9.104-105.gz neither. Some later quilt files also have litte diffreences of the patch markup, but are otherwise identical to the files I fetched from https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/incr/ , see attached diff. Installation and reboot worked. I guess the patches are ok, could you have a quick look to confirm? The ordering of the CVEs is pretty weird too and the description item list order doesn't match the order if the CVE list.
(In reply to Arvid Requate from comment #25) > Weird, 61_patch-4.9.105.quilt has DOS line endings. All other patches not > and upstream patch-4.9.104-105.gz neither. I had to convert to to ISO-8859-1 as the patch otherwise does not apply; the linux.tar.xz from Debian seems to be ISO-8859-1 encoded. > Some later quilt files also have > litte diffreences of the patch markup, but are otherwise identical to the > files I fetched from > https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/incr/ , see attached > diff. Installation and reboot worked. I usually take the patches as mailed by GKH. > I guess the patches are ok, could you have a quick look to confirm? Yes, they are okay. > The ordering of the CVEs is pretty weird too and the description item list > order doesn't match the order if the CVE list. I tried to sort the descriptive text by hand, but the CVE list is the order in which the CVEs were fixed upstream; they are sorted when the errata mail/html is generated.
(In reply to Philipp Hahn from comment #26) > (In reply to Arvid Requate from comment #25) > > The ordering of the CVEs is pretty weird too and the description item list > > order doesn't match the order if the CVE list. > > I tried to sort the descriptive text by hand, but the CVE list is the order > in which the CVEs were fixed upstream; they are sorted when the errata > mail/html is generated. Re-sorted: [4.2-4] f512cef142 Bug #47063: linux 4.9.122 YAML doc/errata/staging/linux.yaml | 4 ++-- doc/errata/staging/univention-kernel-image-signed.yaml | 4 ++-- doc/errata/staging/univention-kernel-image.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-)
Ok.
<http://errata.software-univention.de/ucs/4.2/494.html> <http://errata.software-univention.de/ucs/4.2/495.html> <http://errata.software-univention.de/ucs/4.2/496.html>